If PGP and S/MIME are in your email encryption process, you'll want to take action against this vulnerability, dubbed EFAIL.
InfoRisk Today reports:
European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails and data: PGP and S/MIME.
The vulnerabilities "might reveal the plaintext of encrypted emails, including encrypted emails sent in the past," the researchers warn. And until the flaws get resolved, they recommend that everyone disable any tools that decrypt PGP emails by default.
There is not yet a full fix for the problem, says Sebastian Schinzel, a professor of computer security at Germany's Münster University of Applied Sciences, who's part of the research team - together with researchers from Ruhr-University Bochum in Germany and KU Leuven University in Belgium - that has found the flaws. The researchers have dubbed the flaws efail.